Web application RP1 offers sign in/sign up functionality for users of identity provider IDP1, abusing OAuth2 (e.g. conducting an OAuth2 authorization code flow, attempting an API call with the resulting access token and considering the user signed in, e.g. creating a session cookie if the call succeeds).
Ignoring how IDP1 authenticates the user, apart from the fact that successful auth results in a cookie in IDP1 domain.
Notable: the user agent doesn't see any user info, all exchanges occur server side.
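
The flow described above, as an added in-memory sketch that is not part of the original issue or of any project's code. The `IDP1` and `RP1` classes, the client id `rp1`, its secret, the redirect URI and the `idp1-session-alice` cookie are constructed assumptions.

```python
import secrets

class IDP1:
    """Constructed in-memory stand-in for the identity provider."""
    def __init__(self):
        self.codes, self.tokens = {}, {}

    def authorize(self, idp_cookie, client_id, redirect_uri, state):
        # Front channel: the user is known only through the cookie in the IDP1 domain.
        user = {"idp1-session-alice": "alice"}[idp_cookie]  # constructed session store
        code = secrets.token_urlsafe(16)
        self.codes[code] = (user, client_id, redirect_uri)
        return {"redirect_to": redirect_uri, "code": code, "state": state}

    def token(self, code, client_id, client_secret, redirect_uri):
        # Back channel: the code is single use and bound to client and redirect URI.
        user, cid, uri = self.codes.pop(code)
        if (cid, uri) != (client_id, redirect_uri) or client_secret != "rp1-secret":
            raise PermissionError("code was not issued to this client")
        access_token = secrets.token_urlsafe(16)
        self.tokens[access_token] = user
        return access_token

    def api_me(self, access_token):
        return {"user": self.tokens[access_token]}  # KeyError on an unknown token

class RP1:
    REDIRECT = "https://rp1.example/callback"
    def __init__(self, idp):
        self.idp, self.pending, self.sessions = idp, set(), {}

    def start_login(self):
        state = secrets.token_urlsafe(16)  # a real RP binds this to the browser session
        self.pending.add(state)
        return state

    def callback(self, code, state):
        if state not in self.pending:
            raise PermissionError("unknown or reused state")
        self.pending.discard(state)
        token = self.idp.token(code, "rp1", "rp1-secret", self.REDIRECT)
        profile = self.idp.api_me(token)   # a successful API call is treated as "signed in"
        cookie = secrets.token_urlsafe(16)
        self.sessions[cookie] = profile["user"]
        return cookie

def run_flow():
    idp = IDP1(); rp = RP1(idp)
    state = rp.start_login()
    seen = idp.authorize("idp1-session-alice", "rp1", RP1.REDIRECT, state)
    cookie = rp.callback(seen["code"], seen["state"])
    return seen, rp.sessions[cookie], rp  # seen = everything the user agent carried
```

The dictionary returned as `seen` holds only the redirect target, the code and the state, which matches the note that user info stays server side.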